» 2023 » 8월

CVE-2023-37369

Posted on 2023년 8월 20일2023년 8월 20일 by admin

CVE-2023-37369

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.

Source: CVE-2023-37369

CVE-2023-4435

Posted on 2023년 8월 20일2023년 8월 20일 by admin

CVE-2023-4435

Improper Input Validation in GitHub repository hamza417/inure prior to build88.

Source: CVE-2023-4435

CVE-2023-4434

Posted on 2023년 8월 20일2023년 8월 20일 by admin

CVE-2023-4434

Missing Authorization in GitHub repository hamza417/inure prior to build88.

Source: CVE-2023-4434

CVE-2023-40711

Posted on 2023년 8월 20일2023년 8월 20일 by admin

CVE-2023-40711

Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service (out-of-memory abort) via crafted packet data, as exploited in the wild in August 2023.

Source: CVE-2023-40711

CVE-2023-2971

Posted on 2023년 8월 19일2023년 8월 19일 by admin

CVE-2023-2971

Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora.

Source: CVE-2023-2971

CVE-2023-2316

Posted on 2023년 8월 19일2023년 8월 19일 by admin

CVE-2023-2316

Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/<absolute-path>".

This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora.

Source: CVE-2023-2316

CVE-2023-2318

Posted on 2023년 8월 19일2023년 8월 19일 by admin

CVE-2023-2318

DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText.

Source: CVE-2023-2318

CVE-2023-2317

Posted on 2023년 8월 19일2023년 8월 19일 by admin

CVE-2023-2317

DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in <embed> tag. This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora.

Source: CVE-2023-2317

CVE-2023-2110

Posted on 2023년 8월 19일2023년 8월 19일 by admin

CVE-2023-2110

Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text from a malicious webpage and paste it into Obsidian.

Source: CVE-2023-2110

CVE-2023-4433

Posted on 2023년 8월 19일2023년 8월 19일 by admin

CVE-2023-4433

Cross-site Scripting (XSS) – Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.

Source: CVE-2023-4433